(CBS) – Embattled retailer Target now confirms hackers did steal customer PINs during a highly publicized security breach.

It’s a stunning turnaround for Target, which initially said the PINs were not taken. Now, there are more worries for shoppers who used credit or debit cards at the stores; some are eyeing their legal options.

READ MORE: Chicago Sky Win First WNBA Championship As They Top Phoenix Mercury

CBS 2’s Chris Martinez reports.

Of all the cases like this he’s seen, attorney Joe Siprut says it’s among the worst.

“We want them to be compensated because their time is valuable,” Siprut says of the victims.

One of them is his client, a Chicago woman who is the first plaintiff in his class-action lawsuit against Target.

“Target’s failure to safeguard information — as it should have — is basically a breach of contract. At its core it’s a breach of contract,” Siprut says.

READ MORE: At Least 4 People Killed, 17 Wounded In Weekend Gun Violence In Chicago

This latest lawsuit comes as the retail giant now admits encrypted PIN numbers were also lifted in the breach, which is thought to affect around 40 million shoppers.

Target says it is “confident PIN numbers are safe and secure.”

“The PIN information was fully encrypted at the keypad … debit card accounts have not been compromised,” the retailer says.

But Prof. Bill Kresse, an expert on the methods criminals use to commit fraud, cautions that the people who breached Target could begin making dummy ATM cards if they can decode the encrypted data.

MORE NEWS: Chicago Weather: Slow Warm-Up Beginning

Experts say if you’re affected you should consider changing your PIN or requesting a new debit or credit card, just to be safe.